GOVERNMENT

Nasdaq Outage Explored: 7 Facts

Security experts dismiss reports that DDoS attack compromised systems in New York City and crashed Nasdaq exchange. But squirrels have not been ruled out.

What caused Thursday's Nasdaq crash?

Thankfully, the crash didn't involve an actual stock market plunge, but rather an apparent technical glitch in Nasdaq's systems that led to a three-hour outage.

Of course, those facts may not have been evident given some conjecture-filled reports on the downtime, with one noting that it "had all the earmarks" of an online attack. In fact, officials have seen no signs suggesting that hackers added a U.S. stock exchange takedown feather to their cap.

Here are seven facts to set the record straight:

1. Signs Point To Data Feed Failure

In fact, early signs are that the outage was caused by a connectivity problem involving a data feed from Nasdaq rival NYSE Arca, which resulted in price quotes not being received. Nasdaq officials told The Wall Street Journal that IT staff should have been able to manage the problem and prevent trading having to come to a halt. Obviously that didn't happen.

While Nasdaq is still investigating the outage, forget the notion that this particular incident involved the exchange being hacked, and dismiss the suggestion -- relayed photographically by numerous stories -- that the incident happened in New York City. "Nasdaq is neither in New York nor on the Internet," said Robert David Graham, CEO of Errata Security, in a blog post.

"While the Nasdaq market is computerized, it's not really on the Internet. There's no way to DDoS it from the Internet," said Graham. "Sure, there's a path to the Internet; many of the ubiquitous Bloomberg terminals on the Internet can eventually cause trades to happen, but fundamentally the market has its own private network. Trades can continue in the face of any sort of DDoS attack."

3. Outages Are Not Unusual For Exchanges

In the wake of the outage, Nasdaq promised to do better. "Our systems, and the industry's, have to get to a higher level of robustness," Robert Greifeld, chief executive of Nasdaq parent company Nasdaq OMX Group, told the Journal.

Such outages are far from unknown. "This is not the first time that trading on an exchange has suffered a technological problem and probably not the last time. There were other examples, such as the Flash Crash in 2010, the Facebook IPO, while Goldman Sachs was hit by a bug and there was the Knight Capital case last year," said Arie Gozluklu, an assistant professor of finance at Britain's Warwick Business School, via email. "There is speculation this is down to the number of high-frequency traders, as algorithmic trading now makes up between 50% and 60% of trades in the U.S."

While stock exchange downtime may be costly and inconvenient, are outages completely avoidable? In fact, even some of the biggest names in technology aren't immune. In the past week, for example, outages bedeviled Google, which suffered a four-minute outage last Friday. And Amazon.com on Monday suffered a 49-minute blackout in North America.

5. Hack Attacks Not The Leading Cause Of Outages

Interestingly, not one of this week's outages has been ascribed to hackers. In fact, when it comes to downtime, external hackers take second billing to a host of more mundane concerns -- not just unhappy insiders, but also natural phenomenon, including snowstorms and heavy rainfall, or even the failure of a business partner's systems.

6. The Smart Money Usually Says Squirrel

Some causes of outages are more mundane, but tough to prevent. For example, one of the more embarrassing Nasdaq outages occurred in 1994, when a kamikaze squirrel triggered 34 minutes of downtime. In fact, that was the second rodent strike in less than seven years.

7. Expect Investigations And Fines

As Nasdaq continues to investigate the cause of Thursday's outage, what might happen next? Gozluklu believes the outage may lead to fines for Nasdaq -- which is a money-making institution -- and could put it at a competitive disadvantage against its largest competitor, the New York Stock Exchange. But then again, the crackdown may not stop with Nasdaq.

"Trust in the exchange is very important and the U.S. Securities and Exchange Commission are likely to push for more stringent rules to stop these system failures," Gozluklu said. "There could be fines or penalties for technological problems, but it should also take into account other players in the game, not just the exchanges."

NASDAQ needs, and probably has, mapping software that draws a complete picture of its compute and network devices, then maps their dependencies. The map should then be loaded into a simulation engine that does what Netflix' Chaos Monkey does in its cloud service: it tests the resilience of the service by unleashing unpredicted outages at random points..A real Chaos Monkey will generate tests that normal humans would shrink from or never think of.

NASDAQ and other exchanges spend on the systems that attract high speed traders and exchange traded funds, not so much on obligatory systems to inform other exchanges and regulators of the prices on its trades. We need a tougher regulatory climate to reverse this.

The problem is that looking from outside, technology seems simple. Looking from inside, it is extremely complex. Most people tend to think all systems ought to work without any problems. But that is impossible. Even the most highly redundant systems will and can fail.